Skip to content

in_systemd: always reset cursor before iterating fields #11073

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

in_systemd: always reset cursor before iterating fields #11073

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2a64814
in_systemd: add explicit restarts for the journal data cursor
edsiper Oct 28, 2025
6157556
lib: zstd: hide all sysbols to avoid conflicts
edsiper Oct 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions lib/zstd-1.5.7/build/cmake/lib/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,23 @@ if (ZSTD_BUILD_SHARED)
endif ()
if (ZSTD_BUILD_STATIC)
add_library(libzstd_static STATIC ${Sources} ${Headers})
#
# Fluent Bit links libzstd statically while also loading libsystemd at
# runtime. On platforms such as RHEL10, libsystemd itself links against
# the system's shared libzstd. When our binary exports the bundled zstd
# symbols with default visibility the dynamic linker may resolve
# libsystemd's zstd calls to the bundled implementation instead of the
# system one. The ABI between the two releases is not compatible which
# ultimately leads to crashes when libsystemd frees its own ZSTD
# structures via our symbols.
#
# Hide all symbols from the static archive so that the bundled library
# cannot interpose the system copy used by libsystemd (or any other
# consumer). This mirrors how we build the static archive on other
# platforms and keeps the symbols internal to fluent-bit.
set_target_properties(libzstd_static PROPERTIES
C_VISIBILITY_PRESET hidden
VISIBILITY_INLINES_HIDDEN YES)
target_include_directories(libzstd_static INTERFACE $<BUILD_INTERFACE:${PUBLIC_INCLUDE_DIRS}>)
list(APPEND library_targets libzstd_static)
if (ZSTD_MULTITHREAD_SUPPORT)
Expand Down
18 changes: 18 additions & 0 deletions plugins/in_systemd/systemd.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,15 @@ static int in_systemd_collect(struct flb_input_instance *ins,
}

while ((ret_j = sd_journal_next(ctx->j)) > 0) {
/*
* Reset the journal data cursor as soon as we advance to the next
* entry. Newer libsystemd releases keep Zstandard decompression
* state across data lookups, so carrying over the state from a
* previous entry can trigger use-after-free bugs while we fetch the
* first fields (for example when retrieving _SYSTEMD_UNIT for
* dynamic tags).
*/
sd_journal_restart_data(ctx->j);
/* If the tag is composed dynamically, gather the Systemd Unit name */
if (ctx->dynamic_tag) {
ret = sd_journal_get_data(ctx->j, "_SYSTEMD_UNIT", &data, &length);
Expand Down Expand Up @@ -384,6 +393,15 @@ static int in_systemd_collect(struct flb_input_instance *ins,
/* Pack every field in the entry */
entries = 0;
skip_entries = 0;

/*
* Restart the journal data cursor before enumerating the fields for
* this entry. sd_journal_get_data() above may advance the cursor, so
* reset it again to ensure enumeration starts from the first field and
* that libsystemd does not reuse a stale decompression context.
*/
sd_journal_restart_data(ctx->j);

while (sd_journal_enumerate_data(ctx->j, &data, &length) > 0 &&
entries < ctx->max_fields) {
key = (const char *) data;
Expand Down
Loading